[Patch] BIO free bug in bio_ssl.c/ssl_free() implementation

2003-02-17 Thread Marcin Krotkiewski
Hi,
I've noticed that the BIO_NOCLOSE flag does not have
the desired effect on ssl_bio, i.e. the SSL connection
is closed regardless of whether this flag is set or not.
This patch should fix the problem.

--- openssl/ssl/bio_ssl.c   2002-01-12 16:56:10.0 +0100
+++ openssl.patched/ssl/bio_ssl.c   2003-02-07 15:22:09.0 +0100
@@ -125,7 +125,7 @@
if (a == NULL) return(0);
bs=(BIO_SSL *)a-ptr;
-   if (bs-ssl != NULL) SSL_shutdown(bs-ssl);
if (a-shutdown)
{
+   if (bs-ssl != NULL) SSL_shutdown(bs-ssl);
if (a-init  (bs-ssl != NULL))
SSL_free(bs-ssl);
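Review bot: the relocated SSL_shutdown(bs->ssl) call sits inside the a->shutdown block but ahead of the a->init test that guards SSL_free on the next line, so it repeats the bs->ssl != NULL check and still runs on a BIO whose init flag is clear. Consider putting both calls under the one existing condition so that shutdown and free are guarded identically. The change also means a caller that sets BIO_NOCLOSE no longer has SSL_shutdown called on its behalf when the BIO is freed; that deserves a line in the documentation and the change log, since such callers now have to call SSL_shutdown themselves if they want the connection closed.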
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



[PATCH] Engine in OCSP

2003-02-17 Thread Wojtek lusarczyk
Hi,

It seems that the engine support in ocsp is missing. Below is a simple
patch which adds that support:

diff -Nu --recursive openssl-0.9.7/apps/ocsp.c openssl-0.9.7-new/apps/ocsp.c
--- openssl-0.9.7/apps/ocsp.c   Tue Dec  3 17:34:23 2002
+++ openssl-0.9.7-new/apps/ocsp.c   Tue Feb 11 15:16:42 2003
@@ -105,7 +105,6 @@
 
 int MAIN(int argc, char **argv)
{
-   ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = /;
char *reqin = NULL, *respin = NULL;
@@ -144,6 +143,10 @@
TXT_DB *rdb = NULL;
int nmin = 0, ndays = -1;
 
+ENGINE *e = NULL;
+int rkeyform=FORMAT_PEM;
+const char *engine = NULL;
+
if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
if (!load_config(bio_err, NULL))
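Review bot: moving "ENGINE *e = NULL;" from the top of MAIN (removed in the previous hunk) down to this block is unrelated to adding engine support and only enlarges the diff. Leave the declaration where it was and add just rkeyform and engine here.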
@@ -505,6 +508,24 @@
}
else badarg = 1;
}
+else if(!strcmp(*args, -engine) ) 
+   {
+if (args[1]) 
+   {
+   ++args;
+   engine = *args;
+} 
+   else badarg = 1;
+   }
+else if(!strcmp(*args, -rkeyform) )
+   {
+if( args[1] )
+   {
+   ++args;
+   rkeyform=str2fmt(*args);
+   }
+   else badarg = 1;
+   }  
else badarg = 1;
args++;
}
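Review bot: in the -rkeyform branch the result of str2fmt(*args) is stored in rkeyform without being checked, so a mistyped format name passes option parsing and only surfaces later, when load_key is handed the value. Set badarg when the string does not map to a format this command supports, so the usage text is printed instead.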
@@ -520,6 +541,8 @@
BIO_printf (bio_err, -out file  output filename\n);
BIO_printf (bio_err, -issuer file   issuer certificate\n);
BIO_printf (bio_err, -cert file certificate to check\n);
+   BIO_printf (bio_err, -engine e  use engine e, possibly a 
+hardware device.\n);
+   BIO_printf (bio_err, -rkeyform arg  private key file format (PEM 
+or ENGINE).\n);
BIO_printf (bio_err, -serial n  serial number to check\n);
BIO_printf (bio_err, -signer file   certificate to sign OCSP 
request with\n);
BIO_printf (bio_err, -signkey file  private key to sign OCSP 
request with\n);
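Review bot: the -rkeyform help line says "private key file format" without saying which key. -signkey is listed just below it, while the later load_key hunk applies rkeyform only to the responder private key. Word the help as the responder key format, or extend the option so it covers the request signing key too.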
@@ -563,6 +586,8 @@
BIO_printf (bio_err, -nrequest nnumber of requests to accept 
(default unlimited)\n);
goto end;
}
+   
+e = setup_engine(bio_err, engine, 0);
 
if(outfile) out = BIO_new_file(outfile, w);
else out = BIO_new_fp(stdout, BIO_NOCLOSE);
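Review bot: the return value of setup_engine(bio_err, engine, 0) is not checked. If -engine was given and the call returns NULL, the command carries on and load_key is later handed a NULL engine. When engine is non-NULL and e comes back NULL, report it and goto end, so that a request for an engine-held key fails at this point rather than further on.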
@@ -617,7 +642,7 @@
NULL, e, responder other certificates);
if (!rother) goto end;
}
-   rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+   rkey = load_key(bio_err, rkeyfile, rkeyform, 0, NULL, e,
responder private key);
if (!rkey)
goto end;
@@ -870,6 +895,7 @@
ret = 0;
 
 end:
+   if(e) ENGINE_free(e);
ERR_print_errors(bio_err);
X509_free(signer);
X509_STORE_free(store);
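Review bot: the cleanup path calls ENGINE_free(e) on the pointer returned by setup_engine, but nothing in the patch shows that the caller owns a reference to it. Check whether setup_engine hands back a reference for the caller to release; if it has already dropped its own reference before returning, this call releases one the command never held.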
@@ -1225,4 +1251,3 @@
BIO_flush(cbio);
return 1;
}
-

regards,
-- 
Wojtek lusarczyk




Re: IMPORTANT: please test snapshot openssl-0.9.7-stable-SNAP-20030214.tar.gz

2003-02-17 Thread Corinna Vinschen
On Fri, Feb 14, 2003 at 06:08:34PM +0100, Bodo Moeller wrote:
> Please test snapshot openssl-0.9.7-stable-SNAP-20030214.tar.gz
> (or later), which will be available today around 8 p.m. GMT at
> URL: ftp://ftp.openssl.org/snapshot;type=d .

openssl-0.9.7-stable-SNAP-20030216 on current Cygwin 1.3.20.

Building and installing shared and static libs using the utils/cygwin.sh
script (but with idea, rc5 and mdc2) works fine.  All tests pass.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:[EMAIL PROTECTED]



[openssl.org #509] about Suse

2003-02-17 Thread Humberto Valiente via RT

Hello

(a beginner using linux+ssl)

I tried to install the latest version of openssl (openssl-0.9.7.tar.gz)
under Suse Linux 7.2 but it makes no results.
The make and make install command doesn't work.

Then I tried with the version 9.6h.tar.gz and the make and make install
runs.  The only problem I had is that I received error messages like this:

make[2]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto/rand'
making all in crypto/err...
make[2]: Entering directory `/var/tmp/openssl-0.9.6h/crypto/err'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto/err'
making all in crypto/objects...
make[2]: Entering directory `/var/tmp/openssl-0.9.6h/crypto/objects'
/usr/local/bin/perl objects.pl objects.txt obj_mac.num obj_mac.h
make[2]: /usr/local/bin/perl: Command not found
make[2]: *** [obj_mac.h] Error 127
make[2]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto/objects'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory `/var/tmp/openssl-0.9.6h/crypto'
make: *** [sub_all] Error 1

What I understand is that openssl is looking for archive perl, under
the directory /usr/local/bin/ ..but in my computer
the archive perl is located at /usr/bin/.

My question is ..What can I do ..so that ..when I run the make install
..it looks for the perl archive in /usr/bin/
and not in /usr/local/bin

If you have other solution please let me know...

Thanks a lot
